PHP : Filters

In PHP, the filter extension provides a convenient way to validate and sanitize external input, such as form fields, query parameters, and data read from other untrusted sources. Here's an overview of how to use PHP filters:

Filter Functions:

There are two main functions for using filters in PHP:

  • filter_var(): Filters a single variable with a specified filter.
  • filter_var_array(): Filters multiple variables with the same or different filters.

Common Filters:

Validation Filters:

  • FILTER_VALIDATE_EMAIL: Validates an email address.
  • FILTER_VALIDATE_URL: Validates a URL.
  • FILTER_VALIDATE_INT: Validates an integer.
  • FILTER_VALIDATE_FLOAT: Validates a float.

Sanitization Filters:

  • FILTER_SANITIZE_STRING: Strips tags and encodes quotes in a string (deprecated since PHP 8.1.0; escape at output time with htmlspecialchars() instead).
  • FILTER_SANITIZE_EMAIL: Removes all illegal characters from an email address.
  • FILTER_SANITIZE_URL: Removes all illegal characters from a URL.
  • FILTER_SANITIZE_NUMBER_INT: Removes all characters except digits and the plus and minus signs.
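The two filter families behave very differently on bad input: a validation filter hands back the value unchanged or a failure signal, while a sanitization filter rewrites the value and never reports that anything was wrong. The following is an added example, not code from the original page; the function names, the FILTER_NULL_ON_FAILURE flag usage, and the sample inputs are my own choices. It also shows a caveat practitioners run into: FILTER_VALIDATE_URL accepts any scheme that carries a host part, so a URL that will be rendered as a link should have its scheme restricted explicitly.

```php
<?php
// Added example (not from the original page). Contrasts validation with
// sanitization on constructed sample inputs.
declare(strict_types=1);

function validateAge(string $input): ?int
{
    // Validation: returns an int on success, null on failure.
    // FILTER_NULL_ON_FAILURE removes the ambiguity between false and a
    // legitimate value of 0 that a truthiness check would get wrong.
    return filter_var(
        $input,
        FILTER_VALIDATE_INT,
        [
            'options' => ['min_range' => 0, 'max_range' => 120],
            'flags'   => FILTER_NULL_ON_FAILURE,
        ]
    );
}

function sanitizeAge(string $input): string
{
    // Sanitization: keeps only digits and signs. "30abc" becomes "30" and
    // "<script>" becomes "". The caller is never told the input was bad.
    return filter_var($input, FILTER_SANITIZE_NUMBER_INT);
}

function validateHttpUrl(string $input): ?string
{
    // FILTER_VALIDATE_URL accepts any scheme that has a host, so restrict
    // to http/https before using the value as a link target.
    $url = filter_var($input, FILTER_VALIDATE_URL, FILTER_NULL_ON_FAILURE);
    if ($url === null) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Constructed sample inputs; compare what each filter family does with them.
$ages = ['30', '0', '30abc', '-5', '999', '<b>7</b>'];
foreach ($ages as $s) {
    printf(
        "%-12s validate=%-6s sanitize=%s\n",
        var_export($s, true),
        var_export(validateAge($s), true),
        var_export(sanitizeAge($s), true)
    );
}

$urls = ['https://example.com/path', 'ftp://example.com/file', 'not a url'];
foreach ($urls as $u) {
    printf("%-28s -> %s\n", $u, var_export(validateHttpUrl($u), true));
}
```

Run it with `php example.php`. The point to take away is that sanitized output is only suitable for fields where silently dropping characters is acceptable; whenever the application must reject bad input, use a validation filter and check its result explicitly.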

Usage:

Single Variable:


$email = "john.doe@example.com";
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Valid email address.";
} else {
    echo "Invalid email address.";
}


Single Variable with Options:


$number = "123";
$options = array(
    'options' => array(
        'min_range' => 1,
        'max_range' => 100
    )
);

// Compare against false explicitly: the filter returns the integer itself,
// which would be falsy for a valid value of 0.
if (filter_var($number, FILTER_VALIDATE_INT, $options) !== false) {
    echo "Valid number.";
} else {
    echo "Invalid number.";
}


Multiple Variables:


$data = array(
    'email' => "john.doe@example.com",
    'age' => "30",
    'url' => "https://example.com"
);

$filters = array(
    'email' => FILTER_VALIDATE_EMAIL,
    'age' => array(
        'filter' => FILTER_VALIDATE_INT,
        'options' => array(
            'min_range' => 1,
            'max_range' => 120
        )
    ),
    'url' => FILTER_VALIDATE_URL
);

$result = filter_var_array($data, $filters);

if ($result['email'] === false) {
    echo "Invalid email.";
}

if ($result['age'] === false) {
    echo "Invalid age.";
}

if ($result['url'] === false) {
    echo "Invalid URL.";
}
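One detail of filter_var_array() that the checks above do not cover: a key that is absent from the input comes back as null, while a key that is present but fails its filter comes back as false, so a bare `=== false` test silently accepts a missing field. Below is an added example, not code from the original page; the function name validateProfile, the PROFILE_FILTERS constant and the sample input are my own.

```php
<?php
// Added example (not from the original page). Distinguishes missing from
// invalid fields when validating a whole input array.
declare(strict_types=1);

const PROFILE_FILTERS = [
    'email' => FILTER_VALIDATE_EMAIL,
    'age'   => [
        'filter'  => FILTER_VALIDATE_INT,
        'options' => ['min_range' => 1, 'max_range' => 120],
    ],
    'url'   => FILTER_VALIDATE_URL,
];

/**
 * Returns ['values' => filtered array, 'errors' => field => reason].
 * With add_empty = true (the default), filter_var_array() sets absent
 * keys to null; keys that fail their filter are false; keys not listed
 * in the definition are dropped from the result entirely.
 */
function validateProfile(array $submitted): array
{
    $result = filter_var_array($submitted, PROFILE_FILTERS, true);
    $errors = [];
    foreach (array_keys(PROFILE_FILTERS) as $field) {
        if ($result[$field] === null) {
            $errors[$field] = 'missing';
        } elseif ($result[$field] === false) {
            $errors[$field] = 'invalid';
        }
    }
    return ['values' => $result, 'errors' => $errors];
}

// Constructed sample: email valid, age out of range, url not sent at all,
// plus an unexpected extra field that the filter definition discards.
$submitted = [
    'email' => 'john.doe@example.com',
    'age'   => '200',
    'extra' => 'ignored',
];

$out = validateProfile($submitted);
var_export($out['errors']);
echo "\n";
var_export($out['values']);
echo "\n";
```

Treating null and false as separate outcomes lets the application return a precise error per field, and iterating over the filter definition rather than over the submitted data means unexpected keys never reach later code.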


Example with Form Input:

Let's say you have a form with three input fields: email, age, and URL. Here's how you can use filters to validate and sanitize the form data:

HTML Form (form.html):


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Form with Filters</title>
</head>
<body>
    <h2>Form with Filters</h2>
    <form action="process_form.php" method="post">
        Email: <input type="text" name="email"><br>
        Age: <input type="text" name="age"><br>
        URL: <input type="text" name="url"><br>
        <input type="submit" value="Submit">
    </form>
</body>
</html>

PHP to Process Form (process_form.php):

<?php
$filters = array(
    'email' => FILTER_VALIDATE_EMAIL,
    'age' => array(
        'filter' => FILTER_VALIDATE_INT,
        'options' => array(
            'min_range' => 1,
            'max_range' => 120
        )
    ),
    'url' => FILTER_VALIDATE_URL
);

// Filter $_POST directly: a field that was not submitted comes back as null,
// a field that was submitted but failed its filter comes back as false.
$result = filter_var_array($_POST, $filters);

if ($result['email'] === false || $result['email'] === null) {
    echo "Invalid email.<br>";
} else {
    // Validation does not make a value safe to render; escape it for HTML output.
    echo "Email: " . htmlspecialchars($result['email'], ENT_QUOTES, 'UTF-8') . "<br>";
}

if ($result['age'] === false || $result['age'] === null) {
    echo "Invalid age.<br>";
} else {
    echo "Age: " . (int) $result['age'] . "<br>";
}

if ($result['url'] === false || $result['url'] === null) {
    echo "Invalid URL.<br>";
} else {
    echo "URL: " . htmlspecialchars($result['url'], ENT_QUOTES, 'UTF-8') . "<br>";
}
?>

Explanation:

  • The HTML form (form.html) sends the form data to process_form.php using the POST method.

  • process_form.php retrieves the form data using $_POST.

  • The filter_var_array() function is used to filter the input data according to the specified filters.

  • Each input is validated with its corresponding filter; a field that is missing or fails validation produces an error message, and values that pass are still escaped with htmlspecialchars() before being echoed, because validation guarantees format, not safety in an HTML context.

Using PHP filters helps ensure that the data you receive from users is in the expected format and reduces the risk of security vulnerabilities caused by malformed or malicious data.